gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b8fb58b392
secubox-openwrt/docs/wiki/modules/AI.md
CyberMind-FR 01246a693d docs: Add comprehensive wiki and module documentation 
Wiki structure:
- Home.md: Main navigation with module categories
- Installation.md: Getting started guide
- Quick-Start.md: First-time setup walkthrough
- Architecture.md: 4-layer architecture overview
- Modules.md: Complete catalog of 80+ modules

Module documentation (docs/wiki/modules/):
- Security.md: 15 security modules (CrowdSec, WAF, Guardians)
- Network.md: 12 network modules (HAProxy, Bandwidth, Traffic)
- Mesh.md: 7 VPN/mesh modules (WireGuard, P2P, MirrorNet)
- DNS.md: 6 DNS modules (DNS Master, Vortex, Meshname)
- Apps.md: 20 application modules (Jellyfin, Nextcloud, Matrix)
- System.md: 14 system modules (Config Vault, Reporter, RTTY)
- AI.md: 8 AI modules (Gateway, LocalAI, Threat Analyst)

Updated:
- SCREENSHOTS.md: Expanded to 111 modules with all categories
- README.md: Added wiki links and module index

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-26 12:35:31 +01:00

339 lines
6.6 KiB
Markdown
Raw Blame History

# AI Modules
SecuBox integrates AI capabilities through 8 specialized modules with data sovereignty controls.
---
## Overview
| Layer | Components |
|-------|------------|
| **Gateway** | AI Gateway (routing, classification) |
| **Inference** | LocalAI, Ollama (local LLMs) |
| **Analysis** | Threat Analyst, CVE Triage, Network Anomaly |
| **Memory** | LocalRecall (persistent AI memory) |
| **Insights** | AI Insights dashboard |
---
## AI Gateway
**Package**: `secubox-ai-gateway` + `luci-app-ai-gateway`
Data sovereignty engine with intelligent provider routing.
![AI Gateway](../../screenshots/router/ai-gateway.png)
### Data Classification
| Tier | Description | Destination |
|------|-------------|-------------|
| **LOCAL_ONLY** | Raw network data, IPs, MACs, logs | Never leaves device |
| **SANITIZED** | Anonymized patterns, scrubbed IPs | Mistral EU (opt-in) |
| **CLOUD_DIRECT** | Generic queries, no sensitive data | Claude/GPT (opt-in) |
### Provider Hierarchy
1. **LocalAI** (local inference, always available)
2. **Mistral** (EU sovereign, GDPR compliant)
3. **Claude** (Anthropic)
4. **OpenAI GPT**
5. **Google Gemini**
6. **xAI Grok**
### CLI
```bash
aigatewayctl status # Gateway status
aigatewayctl classify "text" # Classify data tier
aigatewayctl sanitize "text" # Sanitize sensitive data
aigatewayctl provider list # List providers
aigatewayctl audit # View audit log
aigatewayctl login claude # Configure provider
```
### RPCD Methods
| Method | Description |
|--------|-------------|
| `status` | Gateway status |
| `classify` | Classify data tier |
| `sanitize` | Sanitize text |
| `providers` | List providers |
| `audit` | Get audit log |
| `login` | Configure provider |
---
## LocalAI
**Package**: `secubox-app-localai` + `luci-app-localai`
Local LLM inference server (LocalAI 3.9+).
![LocalAI](../../screenshots/router/localai.png)
### Features
- OpenAI-compatible API
- Multiple model support
- GPU acceleration (optional)
- Embeddings generation
- Voice transcription
### Supported Models
| Model | Size | Use Case |
|-------|------|----------|
| TinyLlama | 1.1B | Fast chat, simple queries |
| Mistral 7B | 7B | General purpose |
| CodeLlama | 7B | Code generation |
| Whisper | - | Audio transcription |
### CLI
```bash
localaictl status # Service status
localaictl models # List models
localaictl download <model> # Download model
localaictl chat "Hello" # Quick chat
```
### API
```bash
# OpenAI-compatible endpoint
curl http://localhost:4050/v1/chat/completions \
-H "Content-Type: application/json" \
-d '{"model":"tinyllama","messages":[{"role":"user","content":"Hello"}]}'
```
---
## Ollama
**Package**: `secubox-app-ollama` + `luci-app-ollama`
Ollama LLM server for easy model management.
![Ollama](../../screenshots/router/ollama.png)
### Features
- Simple model management
- Streaming responses
- Custom modelfiles
- GPU support
### CLI
```bash
ollama list # List models
ollama pull llama2 # Download model
ollama run llama2 "Hello" # Chat
```
---
## Threat Analyst
**Package**: `secubox-threat-analyst` + `luci-app-threat-analyst`
AI-powered threat correlation and analysis.
![Threat Analyst](../../screenshots/router/threat-analyst.png)
### Features
- Multi-source correlation
- AI threat scoring
- Attack pattern detection
- Automated response
- Incident timeline
### Data Sources
| Source | Type |
|--------|------|
| CrowdSec | IDS alerts, decisions |
| WAF | HTTP blocks, patterns |
| DPI | Network flows |
| DNS | Query logs |
| Auth | Login attempts |
### CLI
```bash
threat-analystctl status # Status
threat-analystctl analyze # Run analysis
threat-analystctl report # Generate report
```
---
## CVE Triage
**Package**: `secubox-cve-triage` + `luci-app-cve-triage`
AI-powered vulnerability prioritization.
![CVE Triage](../../screenshots/router/cve.png)
### Features
- CVE database integration
- Risk scoring
- Patch recommendations
- Affected package detection
- Priority ranking
### Scoring Factors
| Factor | Weight |
|--------|--------|
| CVSS Score | 40% |
| Exploitability | 25% |
| Affected Systems | 20% |
| Mitigation Available | 15% |
---
## Network Anomaly
**Package**: `secubox-network-anomaly` + `luci-app-network-anomaly`
AI network traffic anomaly detection.
![Network Anomaly](../../screenshots/router/anomaly.png)
### Features
- Baseline learning
- Deviation detection
- Pattern recognition
- Alert generation
- Automated response
### Detection Types
| Type | Description |
|------|-------------|
| Volume | Unusual traffic volume |
| Pattern | Abnormal traffic patterns |
| Protocol | Protocol anomalies |
| Timing | Unusual timing patterns |
---
## LocalRecall
**Package**: `secubox-localrecall` + `luci-app-localrecall`
Persistent AI memory system.
![LocalRecall](../../screenshots/router/localrecall.png)
### Features
- Context persistence
- Vector storage
- Semantic search
- Memory management
- Privacy controls
### Use Cases
- Conversation history
- Knowledge base
- Configuration memory
- Incident memory
---
## AI Insights
**Package**: `luci-app-ai-insights`
AI-powered system insights dashboard.
![AI Insights](../../screenshots/router/ai-insights.png)
### Features
- System health analysis
- Security recommendations
- Performance insights
- Trend analysis
- Predictive alerts
### Insight Types
| Type | Description |
|------|-------------|
| Security | Threat patterns, vulnerabilities |
| Performance | Resource optimization |
| Network | Traffic patterns |
| Config | Configuration improvements |
---
## Configuration
### Enable AI Features
```bash
# Enable AI Gateway
uci set ai-gateway.main.enabled='1'
uci set ai-gateway.main.local_only='1' # Disable cloud providers
uci commit ai-gateway
# Configure LocalAI
uci set localai.main.enabled='1'
uci set localai.main.model='tinyllama'
uci commit localai
# Start services
/etc/init.d/ai-gateway start
/etc/init.d/localai start
```
### Provider Configuration
```bash
# Configure cloud providers (optional)
aigatewayctl login mistral # Mistral EU
aigatewayctl login claude # Anthropic Claude
aigatewayctl login openai # OpenAI
```
---
## Privacy & Sovereignty
### Data Never Leaves Device
When `local_only='1'`:
- All inference runs locally
- No cloud API calls
- Full data sovereignty
- GDPR compliant
### ANSSI CSPN Compliance
AI Gateway supports ANSSI certification requirements:
- Data classification audit trail
- Encryption in transit/at rest
- Access control logging
- Provider verification
---
See also:
- [Security Modules](Security.md)
- [Architecture](../Architecture.md)
- [API Reference](../API.md)
---
*SecuBox v1.0.0*
Reference in New Issue View Git Blame Copy Permalink